Offensive security at Meta’s Red Team X
Listen now
Description
Red Team X is a security team at Meta that is responsible for finding and exploiting vulnerabilities in third-party products that could impact Meta's own security. The team acts as a hybrid between a traditional red team, which focuses on probing their own organisation's systems and products for vulnerabilities, and an elite bug-hunting group. The team was founded by Vlad I. in 2020 when the pandemic and the sudden shift to Work From Home challenged various previously-held assumptions about security. In his discussion with Pascal, Vlad explains the roles of different security teams within Meta, how they go about prioritising the highest-impact targets to exploit and how they work with vendors to ensure not just Meta but the entire world benefits from the fixes produced. Got feedback? Send it to us on Twitter (https://twitter.com/metatechpod), Instagram (https://instagram.com/metatechpod) and don’t forget to follow our host @passy (https://twitter.com/passy and https://mastodon.social/@passy). Fancy working with us? Check out https://www.metacareers.com/.   Links: The Diff episode about Velox: https://thediffpodcast.com/docs/episode-17 Risky Business Podcast: https://risky.biz/ RTX Blog: https://rtx.meta.security RTX Disclosures: https://rtx.meta.security/bugs RTX in WIRED: https://www.wired.com/story/facebook-red-team-x-vulnerabilities/   Timestamps: Intro 0:06 Vlad Intro 1:55 Red Teaming 2:43 Staying up-to-date 6:34 Different team colours 10:02 Defence-in-depth 12:44 Red Team X 15:57 Hardware v Software 19:43 Focus areas 21:29 Prioritising requests 22:44 Notable RTX Disclosures 26:05 Vulnerability disclosure policy 28:52 Getting into offensive security 38:48 Outro 40:51  
More Episodes
How do you build your own mixed reality headset from sketch to scale? That's exactly what Alfred Jones, VP of hardware engineering at Meta Reality Labs, discussed with host Pascal. From choosing the right display technology, battery, thermal budget and of course hitting the right price point. How...
Published 10/30/24
Published 10/30/24
At Meta, engineers are our biggest asset which is why we have an entire org tasked with making them as productive as possible. But how do you know if your projects for improving developer experience are actually successful? For any other product, you would run an A/B test but that requires...
Published 09/30/24